z/osmf v2.2 implementation and configuration - … · z/osmf v2.2 implementation and configuration...
TRANSCRIPT
© Copyright IBM Corporation 2015. These materials may not be reproduced in whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Implementation and
Configuration
Greg DaynesIBM STSM – z/OS Installation and Deployment Architect
1September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
2September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
3September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
IBM z/OS Management Facility
• The IBM z/OS Management Facility is a
now a part of z/OS V2.2 that provides
support for a modern, Web-browser
based management console for z/OS.
• It helps system programmers more
easily manage and administer a
mainframe system by simplifying day to
day operations and administration of a
z/OS system.
• More than just a graphical user interface,
the z/OS Management Facility is
intelligent, addressing the needs of a
diversified skilled workforce and
maximizing their productivity. • Automated tasks can help reduce the
learning curve and improve productivity.
• Embedded active user assistance (such as
wizards) guide you through tasks and helps
provide simplified operations.
4September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OS Management Facility
Configuration Assistant for z/OS Communications Server (z/OSMF V1.11) Simplified configuration and setup of TCP/IP policy-based networking functions
WLM Policy Editor (z/OSMF V1.12)Simplified management of WLM service definitions and policies. Facilitate the creation and editing of WLM service definitions, installation of WLM service definitions, and activation of WLM service policies
Resource Monitoring (z/OSMF V1.12) Provides dynamic real time metrics for system performance
Capacity Provisioning (z/OSMF V1.13) simplify the work of a z/OS CP administrator to manage connections to CPMs, view reports for domain status, active configuration and active policy.
Software Management (z/OSMF V1.13) provides a simple, structured approach to deploying SMP/E installed software, In addition, it allows for inspection of a software instance to view the product, feature, FMID content, SYSMODS, as well as the physical datasets that comprise a particular software instance. It also enables you to perform actions to analyze and report on software instances (such as identifying installed products with an announced end of service date).
z/OSMF Base Services:
•Security integration with SAF (z/OSMF V1.13)
•ISPF Web UI (z/OSMF V1.13)
•REST API for Jobs (z/OSMF V1.13)
•REST API for Data Sets and Files (z/OSMF V2.1 with PTF UI16044)
•REST API for z/OSMF Information Retrieval (z/OSMF V2.1 with PTF UI90005)
•REST API for z/OSMF Systems (z/OSMF V2.1 with PTF for APAR PI32148)
•REST API for Software Management (z/OSMF V2.1 with PTF for APAR PI32158)
•REST API for z/OSMF Workflow (z/OSMF V2.1 with PTF for APAR PI32163)•Notifications (z/OSMF V2.1) View and act on the z/OSMF notifications that have been assigned to you•Use of WebSphere Liberty Profile (z/OSMF V2.1) faster startup, uses less resources•Workflow (z/OSMF V2.1) Perform a guided set of steps, for example, to configure components or products in your installation. With PTF UI90005, A workflow step can use output from another workflow step; also a workflow step can be performed conditionally. •Import Manager (z/OSMF V2.1 with PTF UI16044) Import plug-ins, event types, event handlers, and links into z/OSMF.•System Setting - Discover the system definition that hosts the z/OSMF instance (z/OSMF V2.1 with PTF UI90005)
Problem Management & Analysis Installation, Migration, & Maintenance Configuration and Performance
Simplify and modernize the user experience and programming requirements
Incident Log (z/OSMF V1.11)provides a consolidated list of SVC Dump related problems, along with details and diagnostic data captured with each incident. It also facilitates sending the data for further diagnostics.
SDSF (z/OSMF V2.1 with PTF UI15294) provides a browser-based SDSF application designed to run in a z/OSMF environment that takes advantage of a graphical user interface.
5September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
IBM z/OS Management Facility
The Application Stack
• The z/OS Management Facility applications run on the z/OS enabling you to
manage z/OS from z/OS
– Information is presented on a PC using a browser
• The z/OS Management Facility requires:
– z/OS Communications Server
– Security definitions (SAF)
– Other components are required for specific z/OSMF plug-ins
– IBM 64-bit SDK for z/OS Java Technology Edition V7.1
z/OS Components
• Communications
Server IP
• SAF
• and others for
specific plug-ins
Browser
z/OSMF Server
• WAS Liberty profile
•z/OSMF plug-ins
IBM 64-bit SDK for z/OS
Java Technology Edition V7.1
HTTP(s)
6September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
7September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V1 (R11-R13) Configuration
• z/OSMF used WAS OEM as its runtime environment
• Users had to first configure WAS OEM, and then configure z/OSMF (and its requisites)
• Both WAS OEM and z/OSMF:
• Used z/OS UNIX shellscripts for their configuration
• Had three (3) paths for their configuration script
• Had a bootstrap process to:
1. Define configuration parameters
2. Use those configuration parameters for security definitions
3. Use the configuration values to build their executables
• Because there weren’t many z/OSMF plug-ins, users were encouraged to initially configure all the plug-ins that they might ever use
• This resulted in some users delaying their rollout due to missing z/OS requisites
8September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V1 (R11-R13) Configuration (picture)
Input
Mode
Interactive,
w/override fileInteractive,
w/o override file
Fastpath
w/override file
Configure
Prerequisites
Create
Security Definitions
Build
Executables
Input
Mode
Interactive,
w/override fileInteractive,
w/o override file
Fastpath
w/override file
Configure
Prerequisites
Create
Security Definitions
Build
Executables
Start session
Verify
9September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V1 (R11-R13) Configuration …
• What we heard …
• Why is IBM’s “simplification” product so hard to
configure?
• Why do I need to ask my security administrator to
perform so many tasks
• How do I tell my security administrator what they
have to do since we don’t use RACF?
• Why do I have to use z/OS UNIX to configure
z/OSMF?
• Why does Incident Log have so many requisites?
10September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
11September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.1 Configuration
• z/OSMF no longer used WAS OEM as its runtime environment
• It uses WebSphere Liberty Profile
• WebSphere Liberty Profile is configured as part of z/OSMF
• Users still had to configure z/OSMF (and its requisites)
• Using z/OS UNIX shellscripts for their configuration
• Choosing among three (3) paths for their configuration script
• Follow the configuration process
1. Define configuration parameters
2. Use those configuration parameters for security definitions
3. Use the configuration values to build their executables
• Users were encouraged to initially configure just the base
instance, and then all the plug-ins that they might ever use
• This resulted in a quicker startup of z/OSMF
12September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.1 Configuration (picture)
Input
Mode
Interactive,
w/override fileInteractive,
w/o override file
Fastpath
w/override file
Configure
Prerequisites
Start session
Verify
Create
Security Definitions
Build
Executables
13September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.1 Configuration …
• What we heard …
• Everybody likes the use of the WAS Liberty Profile
• Not sure how much the lack of configuring WAS OEM plays
into that
• Everybody likes the faster startup, use of less resources
(CPU and storage)
• From existing customers …
• The configuration process improved
• There are a lot of tasks my security administrator has to
perform
• RACF and (non-RACF) users liked the Security Appendix in
the z/OSMF Configuration Guide
• Why do I have to use z/OS UNIX to configure z/OSMF
• Why can’t IBM’s “simplification tool” use a graphical interface
to assist with its configuration?
• Or, its too bad z/OSMF can’t use z/OSMF to configure itself
14September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Configuration Workflow Evolution
• z/OSMF V2.1 (GA), configuration workflow provided documentation that described instructions on how the tasks could be performed manually.
• z/OSMF V2.1 (PTF UI16044*), configuration workflow provided the a number of wizards to guide the user to implement the requisites for Incident log and configure z/OSMF to add plug-ins.
• z/OSMF V2.1 (PTF UI90005**), configuration workflow provides some discovery functions and utilizes the import function of z/OSMF configuration properties.
• z/OSMF V2.1 (PTF UI90022***), the configuration workflow now exploits conditional execution to base the steps required to setup ISPF, WLM, Capacity Provisioning, or Incident Log based on the current system configuration.
* available for z/OSMF V2.1 with PTF UI16044 and its requisite PTFs
** available for z/OSMF V2.1 with PTF UI90005 and its requisite PTFs
*** available for z/OS V2.1 with PTFs UI90019 and UI90022 and their requisite PTFs
15September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
16September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Configuration
• Objective
• Configure z/OSMF like other z/OS functions
• Eliminate the use of z/OS UNIX shellscripts to configure z/OSMF
• Use PARMLIB to specify configuration parameters
• Provide sample members for
• PARMLIB specification
• Security definitions
• Creation/migration of z/OS UNIX filesystem
• Utilize z/OSMF Workflows to provide a graphical interface step the user through plug-in prerequisite configuration
• Planned 4Q2015*
• Documented in the IBM z/OS Management Facility
Configuration Guide V2.2 (SC27-8419)
• Additional documentation in DOC APAR PI46099
• The PTF will be installed in all z/OS V2.2 ServerPacs!!!
Enabled by PTF UI90027 (available August 5, 2015)
* Planned. All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.
17September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Configuration …
• Eliminate use of z/OS UNIX Shellscripts and REXX
EXECs
• izumigrate.sh will still be used to assist in migration
• Eliminate the use of generated customized REXX
EXECs for RACF security definitions
• Eliminate configuration parameters only needed to
customize security definitions
• Eliminate the use of z/OS UNIX Shellscripts and
generated customized REXX EXECs to authorize
users to use z/OSMF
18September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Configuration …
• Use PARMLIB to specify configuration parameters• PARMLIB member IZUPRMxx contains remaining configuration
parameters• Members can contain comments /* comment */• Members can use of system symbols• Members can be concatenated (xx,yy,zz,…)• Member can be in any data set in the logical PARMLIB concatenation
• IZUPRMxx is optional.• Not needed if all defaults are used
• Sample PARMLIB member provided• SYS1.SAMPLIB(IZUPRM00)
• Tip: Specify values only for those defaults that you want to override (that is, omit any statement for which the default value is acceptable). • Doing so will ensure that you always obtain the default values, even if
they happen to change in a future release.• New parameter added to the IZUSVR1 started procedure to
identify PARMLIB member(s) to use• Concatenation of members is supported
• IZUPRM=‘(xx,yy,zz)’• Default is IZUPRM=NONE
19September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Configuration …
• SAMPLIB(IZUPRM00)HOSTNAME('*')
HTTP_SSL_PORT(443)
INCIDENT_LOG UNIT('SYSALLDA')
JAVA_HOME('/usr/lpp/java/J7.1_64')
KEYRING_NAME('IZUKeyring.IZUDFLT')
LOGGING('*=warning:com.ibm.zosmf.*=info:com.ibm.zosmf.environment.ui=fi
ner')
RESTAPI_FILE ACCT(IZUACCT) REGION(32768) PROC(IZUFPROC)
SAF_PREFIX('IZUDFLT')
SEC_GROUPS USER(IZUUSER),ADMIN(IZUADMIN),SECADMIN(IZUSECAD)
SESSION_EXPIRE(495)
TEMP_DIR('/tmp')
UNAUTH_USER(IZUGUEST)
WLM_CLASSES DEFAULT(IZUGHTTP) LONG_WORK(IZUGWORK)
/* Uncomment the following statement and any plugins that
are desired */
/* PLUGINS( */
/* INCIDENT_LOG, */
/* COMMSERVER_CFG, */
/* WORKLOAD_MGMT */
/* RESOURCE_MON, */
/* CAPACITY_PROV, */
/* SOFTWARE_MGMT, */
/* ISPF) */
20September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Configuration …
• SAMPLIB(IZUxxSEC)• IZUSEC – defines base (“Core”) z/OSMF security definitions
• IZUCASEC – defines security definitions for Configuration Assistant
• IZUCPSEC – defines security definitions for Capacity Provisioning
• IZUDMSEC – defines security definitions for Software Management
• IZUILSEC – defines security definitions for Incident Log
• IZUISSEC – defines security definitions for ISPF
• IZURMSEC – defines security definitions for Resource Monitoring
• IZUWLSEC – defines security definitions for Workload Management
• SAMPLIB(IZUAUTH) – security definitions to authorize a
user to use z/OSMF
21September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V2.2 Configuration …
SAMPLIB(IZUMKFS)• Defines, formats, and temporarily mounts the z/OSMF user file system.• Initializes the z/OSMF user file system, which contains configuration settings and
persistence information for z/OSMF.• The job performs the following actions:
• Allocates the z/OSMF user file system as /var/zosmf.• Mounts the filesystem at mount point /var/zosmf:
• As a zFS type file system• With the option PARM('AGGRGROW') to allow the filesystem to grow
dynamically, as needed• With the option UNMOUNT to ensure that it is unmounted if the z/OS
system becomes unavailable• Changes the ownership and permissions and ownership of the directories and
files in the z/OSMF user file system, as follows:• The file system is owned by the IZUSVR user ID and the IZUADMIN
security group• The file system is protected with the permissions 755
• It is recommended that you give the z/OSMF file system sysplex-wide scope.• To do so, update the job to ensure that it mounts the user directory at a
shared mount point.
22September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
23September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration
Configuring an instance of z/OSMF is done by:
1. Setting up security
2. Creating the z/OSMF z/OS UNIX filesystem
3. Optionally, configuring z/OSMF parameters
4. Ensure that the SMP/E installed procedures are in your
JES PROCLIB concatenation
5. Starting the z/OSMF server
6. Update PARMLIB members or automation for subsequent
IPLs
24September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration …
• Setting up Security
• Run SAMPLIB(IZUSEC)
• You may need to modify the sample job to either:
• Conform to installation standards
• Uncomment out definitions based on your existing security environment
• One advantage of the SAMPLIB member(s) is that from release to release (or even after New Function PTFs) you can use ISPF to compare and identify what has changed!!!
• Of course, the first time you setup security, everything is new!
• If your installation uses a security management product other than RACF, do not use the SAMPLIB member
• Instead, your installation must create equivalent commands for your security product.
• See Appendix A in the z/OSMF Configuration Guide for a list of resources, groups, IDs, and authorizations that need to be defined to your security product.
25September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration …
• Creating the z/OSMF z/OS UNIX Filesystem• Run a modified SAMPLIB(IZUMKFS)
• You must select a volume for this allocation.
• By default the filesystem data set name is IZU.SIZUUSRD
• If you want to change the data set name, it needs to be changed
in three (3) steps: DEFINE, CREATE, and MOUNT
• By default the mountpoint is /var/zosmf
• It is recommended that you give the z/OSMF file system sysplex-
wide scope.
• To do so, update the job to ensure that it mounts the user
directory at a shared mount point.
• For example, /sharedapps/zosmf
• If you change the default mountpoint, you will have to change
all references of /var/zomsf in the job.
26September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration …
• Optionally, Configuring z/OSMF Parameters• Create one or more IZUPRMxx PARMLIB members
• Note:
• We don’t use the default Java Home Directory
• The comments shown would need to be spilt over multiple
lines due to the 72 column limit
• Eventually, you may want to modify that member, or create a new
one to specify the Plug-ins that you want to use
HOSTNAME(*) /* Defaults to the current HOSTNAME on the system */
HTTP_SSL_PORT(&ZOSMFPORT.) /* Use a user defined System Symbol defined in IEASYMxx */
JAVA_HOME('/usr/lpp/java710/java/J7.1_64') /* Location of the JAVA SDK 7.1 64-bit home directory */
PLUGINS(INCIDENT_LOG,
COMMSERVER_CFG,
WORKLOAD_MGMT,
RESOURCE_MON,
CAPACITY_PROV,
SOFTWARE_MGMT,
ISPF)
27September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration …
Ensure that the SMP/E installed procedures are in your JES PROCLIB
concatenation
• z/OSMF requires that the following cataloged procedures be installed on
your system:• Started procedures for the z/OSMF server: IZUANG1 and IZUSVR1.
• Logon procedure for the z/OS data set and file REST interface (IZUFPROC)
• You can use an alternative logon procedure, if it provides the same
function as the shipped IZUFPROC procedure.
• ServerPac and CustomPac users: • Ensure that SYS1.IBM.PROCLIB (or whatever you renamed it to) resides in
the JES PROCLIB concatenation.
• Or, copy its contents to a data set in the JES PROCLIB concatenation.
• CBPDO users: • Ensure that SYS1.PROCLIB (or whatever you renamed it to) resides in the
JES PROCLIB concatenation).
• Or, copy its contents to a data set in the JES PROCLIB concatenation.
• Note that these steps are the same as you would do for any SMP/E
installed cataloged procedure that is provided with z/OS.
28September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration …
• Starting the z/OSMF Servers• Before users can access z/OSMF, the z/OSMF server must be
active.
• To start the z/OSMF server manually, you can enter the START
command from the operator console.
• The START command specifies the procedure name to start and,
optionally, the job name to use. For example:
• START IZUANG1,JOBNAME=jobname
• START IZUSVR1,JOBNAME=jobname,IZUPRM=‘(xx,yy)’
• You ONLY need the IZUPRM parameter if you want to point to
one or more IZUPRMxx PARMLIB members for configuration
values
• Start the tasks in the following sequence: IZUANG1 followed by
IZUSVR1.
• Otherwise, z/OSMF users might encounter authorization errors
later when they attempt to log in to z/OSMF.
29September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
New User Setup/Configuration …
• Update PARMLIB members or automation for
subsequent IPLs• Copy the mount commands from the sample mount job to your
BPXPRMxx parmlib member
• Add the START commands for the started procedures to your
COMMNDxx parmlib member; or update system automation
procedures.
• Add the started procedure names to the AUTOLOG statement in
your TCP/IP profile.
30September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
31September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing User Configuration Migration
• Configuring an instance of z/OSMF is done by:1. Run izumigrate.sh to build a customized IZUPRMxx
based on your existing configuration
2. Setting up security– Minimal changes from z/OSMF V2.1
3. Migrate the z/OSMF z/OS UNIX filesystem
4. Ensure that the SMP/E installed procedures are in your JES PROCLIB concatenation
– Same as for new user
5. Modify the Start parameters for the z/OSMF server– Same as for new user
6. Update PARMLIB members or automation for subsequent IPLs
– Same as for new user
32September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing User Configuration Migration …
• Run the izumigrate.sh script on the new system using the
configuration file from your current (old) system as input.
• The script creates an IZUPRMxx PARMLIB member with values
that match the configuration values from your old system.
• When possible, the script retains your current settings.
• For any values that are no longer valid for z/OSMF, the script omits the
values when it creates the IZUPRMxx parmlib member.
• For values that already match the z/OSMF defaults, the script omits
the values from the IZUPRMxx parmlib member.
• If your existing configuration file contains commented sections (it
should not), the script removes this information from the IZUPRMxx
parmlib member.
• If an IZUPRMxx member already exists at the specified location,
the script prompts you for a response to overwrite the existing
member.
• To avoid this prompt, you can include the option -noprompt on the
script invocation.
33September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing User Configuration Migration …
Example of running izumigrate.sh script
• The izumigrate.sh script is used to create PARMLIB member IZUPRM01, based on your current configuration settings.
• Parameters are:• -configDir – directory of the existing (old) configuration file• -configFilePath – file name and location of the existing
configuration file• -izuprmSuffix – two (2) character suffix to be used for the
generated PARMLIB member• -parmlibDsn – data set name to be updated by the script. It does
not have to be an active data set in the PARMLIB concatenation
• The script runs extremely fast
izumigrate.sh -configDir /etc/zosmf -configFilePath /etc/zosmf/izuconfig1.cfg
-izuprmSuffix 01 -parmlibDsn SYS1.PARMLIB
34September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing User Configuration Migration …
• Setting up Security• You could run SAMPLIB(IZUSEC)
• However, depending on the release and PTF level that you are
coming from, most definitions could already exist.
• One advantage of the SAMPLIB member(s) is that from release
to release (or even after New Function PTFs) you can use ISPF
to compare and identify what has changed!!!
• Unfortunately, that doesn’t help going to z/OSMF V2.2
• If your installation uses a security management product other than
RACF, do not use the SAMPLIB member
• Instead, your installation must create equivalent commands for
your security product.
• See Appendix A in the z/OSMF Configuration Guide for a list of
resources, groups, IDs, and authorizations that need to be
defined to your security product.
35September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing User Configuration Migration …
• Migrating the z/OSMF z/OS UNIX Filesystem• Run a modified SAMPLIB(IZUMKFS)
• You must select a volume for this allocation.
• By default the filesystem data set name is IZU.SIZUUSRD
• If you want to change the data set name, it needs to be changed
in three (3) steps: DEFINE, CREATE, and MOUNT
• By default the mountpoint is /var/zosmf
• It is recommended that you give the z/OSMF file system sysplex-
wide scope.
• To do so, update the job to ensure that it mounts the user
directory at a shared mount point.
• For example, /sharedapps/zosmf
• If you change the default mountpoint, you will have to change
all references of /var/zomsf in the job.
• You will need to uncomment out the MIGRATE step (next slide)
36September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing User Configuration Migration …
• Migrating the z/OSMF z/OS UNIX Filesystem …• Locate the job step MIGRATE, which is commented out.
• This step contains JCL that you can use to copy the data file system from your old system to the user file system on the new system.
• Uncomment the step (JCL and input) and update it so that it references the data file system to be copied.
• In previous releases, you specified this directory on the <IZU_DATA_DIR> configuration variable, which, by default, was /var/zosmf/data.
• Ensure that the old filesystem is remounted at a different mount point; you cannot use /var/zosmf/data because that mount point will be used for the new file system.
• Specify the mount point of old file system in place of the value /OldDataFileSystemMountPoint.
//MIGRATE EXEC PGM=IKJEFT01,
// COND=((4,LT,DEFINE),(4,LT,CREATE),(4,LT,MOUNT))
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
BPXBATCH PGM /bin/cp -Rpv /var/oldzosmf21/data +
/sharedapps/zosmf/data
BPXBATCH PGM /bin/chown -hR IZUSVR:IZUADMIN /sharedapps/zosmf/
BPXBATCH PGM /bin/chmod -hR 755 /sharedapps/zosmf/
Replaced
/OldDataFileSystemMountPoint
with /var/oldzosmf21/data to reflect
location of old file system
37September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Existing user migrating to z/OSMF V2.2
• Migrating to a new release of z/OSMF involves the
following steps:1. Perform actions you can perform before installing z/OSMF V2.2
• These are migration actions that you perform on your current
(old) system before you install or configure z/OSMF V2.2.
2. Perform actions you perform before configuring z/OSMF V2.2
• These are migration actions that you perform after you have
SMP/E installed z/OS V2.2, but before you have configured or
activated the product.
3. Perform actions you perform after activating z/OSMF V2.2
• These are migration actions that you can perform only after you
have started the z/OSMF server.
4. When you are certain that you will not need to fallback to your
current (old) release, you can perform the post-migration
actions to:
– Clean-up actions to perform when satisfied with the new release
– Exploit new capabilities
38September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF V1.13 to z/OSMF V2.2 Migration
Step Description
M1: Actions you can perform before installing z/OSMF V2.2
a. Convert to SAF Authorization Mode
M2: Actions you perform before configuring z/OSMF V2.2
a. Remove the most-generic profile for z/OSMF authorizations*
b. Authorize the z/OSMF server to create PassTickets
c. Setting up the z/OSMF started procedures
M3: Actions you perform after activating z/OSMF V2.2
a. Notify users of the correct URL to use for z/OSMF V2.2 (if you change port numbers)
b. Recreate all table filters in the z/OSMF user interface*
* Also applicable to z/OSMF 2.1 to z/OSMF 2.2 migrations
39September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
M4: Clean-up actions to perform when satisfied with the new release
• C1 - Cleanup old SAF profile prefix definitions
• C2 - Cleanup old port definitions
• C3 - Cleanup ZOSMFAD owned objects and authorizations from previous releases
• C4 - Cleanup WebSphere constructs from previous releases
• C5 - Cleanup APF Authorization for SYS1.MIGLIB
• C6: Cleanup SURROGAT Class profiles
• C7: Cleanup old configuration files• All files under /etc/zosmf (default directory)
z/OSMF V1.13 to z/OSMF V2.2 Migration
40September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
41September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Accessing the z/OSMF Welcome page
• At the end of the z/OSMF configuration process, you can verify the results of your work by opening a web browser to the Welcome page.
• The URL for the Welcome page has the following format:• https://hostname:port/zosmf/where:
• hostname is the hostname or IP address of the system in which z/OSMF is installed
• port is the secure application port for the z/OSMF configuration. port is optional. If you specified a secure port for SSL encrypted traffic during the configuration process (through variable IZU_HTTP_SSL_PORT), that value is required to log in. Otherwise, it is assumed that you are using port 443, the default.
• To find the URL, see message IZUG349I, which was written to the job log file when IZUSVR1 was started.
IZUG210I: The z/OSMF Configuration Utility has completed successfully at Tue Jul
IZUG349I: The z/OSMF Server home page can be accessed at
: https://ALPS4142.POK.IBM.COM/zosmf
: after the z/OSMF server is started on your system.
Launching zosmfServer (WebSphere Application Server/wlp-1.0.9.cl50620150610-1749
42September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF Log in Pop-up Window
Secure authentication to z/OS host using regular
z/OS User ID and password.
43September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF About Pop-up Window
Pop-up window that identifies which plug-ins have
been configured and the last time the plug-in (or core
function) was updated (e.g., by service).
44September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
45September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
• Using the z/OSMF Workflow enables you to follow a step by step
procedure to configure the z/OS functions needed for one or more
z/OSMF plug-ins.
• Specifically, it allows you to:
• Assign individual steps to different z/OSMF users
• Notify z/OSMF users when steps are assigned to them
• Allowing them to accept the task (agree to perform it)
• Track the progress of your configuration
• Notify z/OSMF users when steps a step assigned to them is ready to
run
• Assist you in performing some tasks, or walking you though the
latest documentation for others
• The workflow is planned to be enhanced 4Q2015 to support the new
z/OSMF V2.2 configuration changes*
Use of z/OSMF Workflow for Configuration
* Planned. All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.
46September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
47September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Previous Procedure to Add z/OSMF Plug-ins
Action to perform Script invocation Performed by
Configure z/OSMF with
–add
izusetup.sh -file <pathname/filename>.cfg
–config -add
z/OSMF installer
(Superuser)
Run the security
commands for the added
z/OSMF Plug-ins
<IZU_CONFIG_DIR>/izuconfig1.cfg.add.IL
.CA.WLM.RMF.CP.WISPF.DM.rexx
Security
Administrator
Verify the RACF security
setup
izusetup.sh -file <pathname/filename>.cfg
-verify racf
Security
Administrator
Complete the setup with
–add
izusetup.sh -file <pathname/filename>.cfg
–finish –add
z/OSMF installer
(Superuser)
Restart the z/OSMF server P IZUSVR1
P IZUANG1
S IZUANG1
S IZUSVR1
System Operator
48September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Adding Optional z/OSMF Plug-ins
• Your decision on which plug-ins to configure will depend on your
installation's desire to use the function, and your readiness to
perform the various z/OS system requisite customization
associated with each plug-in.
• When planning for z/OSMF, review the system pre-requisites for
each plug-in
• To add a plug-in, you must:
1. Define z/OS prerequisites for the Plug-in
– Updated Workflow planned for 4Q2015*
2. Define security definitions for the Plug-in
– Use SAMPLIB(IZUxxSEC) or Configuration Guide
3. Create/update an IZUPRMxx PARMLIB member adding the
Plug-in to the list of plug-ins to be used.
– See slide 26
* Planned. All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.
49September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
50September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Adding External Plug-ins (e.g., SDSF)
• Besides the optional plug-ins that are supplied with z/OSMF, your
installation can choose to add plug-ins from other sources (IBM or
other vendors) to your configuration.
• For example, the z/OS System Display and Search Facility (SDSF)
product supplies a plug-in for use with z/OSMF.
• For the installation and customization requirements for a particular
plug-in, see the documentation that is provided with the plug-in.
• To add the SDSF task to z/OSMF, you import a properties file
through the Import Manager task of z/OSMF, which is in the z/OSMF
Administration category.
• The properties file for SDSF is /usr/lpp/sdsf/zosmf/sdsf.properties
• The function provided by the SDSF task in z/OSMF is protected just
as z/OS SDSF is protected, with the same SAF resources and
ISFPARMS parameters.
52September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Import Manager
New navigation
task for z/OSMF
Administrators
53September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
z/OSMF Import Manager ….
This is where you specify the properties
file for SDSF:
/usr/lpp/sdsf/zosmf/sdsf.properties
54September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Import Manager …
After you import the SDSF properties file, and define the
security definitions, authorized users will see the “Jobs and
Resources” category and the SDSF Plug-in
55September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
56September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Sysplex A
System 2 - backup
System 1
z/OSMF
(Local /
Primary)
HTTPS
HTTPS
Sysplex B
System 4 - backup
System 3
z/OSMF
(Remote /
Secondary)
HTTPS
Sysplex C
System 6 - backup
System 5
Browser
Poughkeepsie, NY
Las Vegas, Nev. Orlando, Fla.
z/OSMF Data
Directory
z/OSMF
(Remote /
Secondary)
Managing Multiple Sysplexes
z/OSMF Data
Directory
z/OSMF Data
Directory
All Software Management
data resides here
The Systems Task and Incident Log use data that
resides in the z/OSMF data directory in each sysplex
57September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Planning for Secure Communication Between
z/OSMF Instances
• The primary instance communicates with other z/OSMF instances
through Secure Sockets Layer (SSL) connections.
• Each SSL connection requires an exchange of digital certificates, which are
used to authenticate the z/OSMF server identities.
• For the SSL connection to be successful, the primary instance must be
configured to trust the server certificates from the secondary instances.
• For signing the server certificates, each instance uses a certificate
authority (CA) certificate.
• Establishing a trust relationship between instances will require knowing
which CA certificate is used to sign each secondary instance server
certificate.
• If you have not yet created any secondary instances of z/OSMF, you
might find it easier to create one CA certificate and use it to sign all of
the server certificates in the primary and secondary instances.
• If your installation uses separate security databases, you must
ensure that the appropriate certificates are shared by the
participating z/OSMF instances.
58September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Single Sign On
• Single sign-on (SSO) enables users to log into one z/OSMF instance and to
access other z/OSMF instances without getting prompted to log in again.
• z/OSMF uses the Lightweight Third Party Authentication (LTPA) security
protocol to enable a secure single sign-on environment among z/OSMF
instances.
• The LTPA protocol uses an LTPA token to authenticate a user with the
z/OSMF servers that are enabled for single sign-on.
• The LTPA token contains information about the user and is encrypted using
a cryptographic key.
• The z/OSMF servers pass the LTPA token to other z/OSMF servers through
cookies for web resources.
• If the receiving server uses the same key as the primary z/OSMF server --
the server that generated the key to be used for SSO, the receiving server
• decrypts the token to obtain the user information,
• verifies that the token has not expired, and
• confirms that the user ID exists in its user registry.
• After the receiving server validates the LTPA token, the server authenticates
the user with that z/OSMF instance, and allows the user to access any
resource to which the user is authorized.
59September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Single Sign On …
• To establish a single sign-on environment for z/OSMF, the following requirements must be satisfied:• The z/OSMF servers participating in the single sign-on environment must
reside in the same LTPA domain as the primary z/OSMF server. • The LTPA domain name is the parent portion of the fully qualified hostname
of the z/OSMF servers. • For example, if the fully-qualified hostname is server.yourco.com, the
LTPA domain is yourco.com.• The servers must share the same LTPA key.
• For z/OSMF, this is accomplished by invoking the Enable Single Sign-on action to synchronize the LTPA key on the primary and secondary z/OSMF servers. • For instructions, see the z/OSMF online help.
• The user ID of the user must exist and be the same in all System Authorization Facility (SAF) user registries. • It is recommended that you use the same user registry settings for all
z/OSMF servers so that users and groups are the same, regardless of the server.
• The value specified for the SAF prefix during the z/OSMF configuration process must be the same for each z/OSMF server you want to enable for single sign-on. • By default, the z/OSMF SAF prefix is IZUDFLT.
60September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Agenda
• Background
• Overview of z/OSMF
• z/OSMF V1 (R11-R13) Configuration
• z/OSMF V2.1 Configuration
• Configuration Changes for z/OSMF V2.2
• New user setup to configure z/OSMF “base”
• Existing user migrating to z/OSMF V2.2
• Accessing the z/OSMF Welcome Page
• Adding additional “plug-ins”
• Configuring the z/OS requisites
• Configuring z/OSMF to include the “plug-ins”
• Adding External Plug-ins (e.g., SDSF)
• Secure Communication Between z/OSMF Instances
• Authorizing users to z/OSMF
61September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Prior Procedure for Authorizing Users to z/OSMF
• Setting up Security1. The z/OSMF Administrator ran the izuauthuser.sh Shellscript
• izuauthuser.sh -file izuconfig1.cfg -userid userid -role role
2. The z/OSMF Administrator notified the Security Administrator of
the location of the generated REXX EXECs
3. The Security Administrator reviewed the REXX EXEC to verify that
the commands conformed to the installation standards
4. The Security Administrator ran the REXX EXEC (or the individual
security commands) connecting users to z/OSMF security groups
• Depending on what plug-ins were configured users may have
needed to be connected to additional groups
• Capacity Provisioning groups (CPOCTRL and
CPOQUERY)
• Workload Management group (WLMGRP)
• The CIM administration group (CFZADMGP)
62September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Authorizing existing z/OS users to z/OSMF
• Setting up Security• You could run a modified SAMPLIB(IZUAUTH)
• You have to edit the job to:
• Select the z/OSMF role
• Change “USERID” to the desired user ID
• Determine if the user needs access to the Capacity
Provisioning groups (CPOCTRL and CPOQUERY), Workload
Management group (WLMGRP), and the CIM administration
group (CFZADMGP)
• If your installation uses a security management product other than
RACF, do not use the SAMPLIB member
• Instead, your installation must create equivalent commands for
your security product.
• See Appendix A in the z/OSMF Configuration Guide for a list of
resources, groups, IDs, and authorizations that need to be
defined to your security product.
63September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Summary
64September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Summary (1 of 3)
• Configuration Changes Enabled by PTF UI90027 (available August 5, 2015)• Eliminate the use of z/OS UNIX shellscripts to configure z/OSMF• Use PARMLIB to specify configuration parameters• Provide sample members for: PARMLIB, security definitions,
and creation/migration of z/OS UNIX filesystem • Utilize z/OSMF Workflows to provide a graphical interface step
the user through plug-in prerequisite configuration• The workflow is planned to be enhanced 4Q2015 to support the new
z/OSMF V2.2 configuration changes*
• Documented in the IBM z/OS Management Facility
Configuration Guide V2.2 (SC27-8419)• Additional documentation in DOC APAR PI46099
• The PTF will be installed in all z/OS V2.2 ServerPacs!!!
* Planned. All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.
65September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Summary (2 of 3)
• New user setup to configure z/OSMF “base” 1. Setting up security
2. Creating the z/OSMF z/OS UNIX filesystem
3. Optionally, configuring z/OSMF parameters
4. Ensure that the SMP/E installed procedures are in your JES PROCLIB
concatenation
5. Starting the z/OSMF server
6. Update PARMLIB members or automation for subsequent IPLs
• Existing user migrating to z/OSMF V2.21. Run izumigrate.sh to build a customized IZUPRMxx based on your
existing configuration
2. Setting up security
3. Migrate the z/OSMF z/OS UNIX filesystem
4. Ensure that the SMP/E installed procedures are in your JES PROCLIB
concatenation
5. Modify the Start parameters for the z/OSMF server
6. Update PARMLIB members or automation for subsequent IPLs
66September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Summary (3 of 3)
• Unsolicited feedback from an ESP customer:• “PTF UI90027 (the "new" z/OSMF configuration fix) is applied, I
actually waited for this before I started to implement z/OSMF… I
really like this new way of configuring z/OSMF!”
67September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Thank You
68September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Additional Information
• z/OS Management Facility website• http://www-03.ibm.com/systems/z/os/zos/features/zosmf/index.html
• IBM z/OS Management Facility Browser Compatibility• http://www-
03.ibm.com/systems/z/os/zos/features/zosmf/browser_notes.html
• z/OS Management Facility Publications
• http://www-03.ibm.com/systems/z/os/zos/features/zosmf/moreinfo/
• IBM z/OS Management Facility Configuration Guide (SC27-8419)
• IBM z/OS Management Facility Programming (SC27-8420)
• z/OS Management Facility Resource Requirements• http://www-
03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101779
• z/OS Management Facility Downloads• http://www-03.ibm.com/systems/z/os/zos/features/zosmf/downloads/
69September 2015© Copyright IBM Corporation 2015. These materials may not be reproduced in
whole or in part without the prior written permission of IBM.
Continue growing your IBM skills
ibm.com/trainingprovides a comprehensive
portfolio of skills and career
accelerators that are designed
to meet all your training needs.
If you can’t find the training that is right for
you with our Global Training Providers, we can
help.
Contact IBM Training at [email protected] Skills Initiative